Cannot take userPrincipal in JSP Filter

Mustafa Var

Greenhorn

Posts: 8

posted 10 years ago

Hello,

I use WebSphere Application Server and a form based authentication for user login to my Web Application.

In order to check authorization of the user i need to use filter for JSP pages and Servlets. For now I can insert the username into session object and in my filter i check the authorization with the username in the session.

I want to do it by using the HttpServletRequest getRemoteUser() or getUserPrincipal() methods, but Filter interface's doFilter() method takes ServletRequest object as parameter, and ServletRequest object doesnot have getRemoteUser() and getUserPrincipal() methods when i cast ServletRequest to HttpServletRequest, methods return empty values.

I also tried to take the Caller Subject from current thread but user seems unauthenticated in Filter.

I'm not sure if it is the same in the current version of WAS, but the last time I used it, you could only get the UserPrinciple if the user was logged in and the resource was secured. I'm not entirelky sure how this would apply to Filters, but I'm guessing if the filter wasn't fired by a protected resource you won't see anything.

Dave

Mustafa Var

Greenhorn

Posts: 8

posted 10 years ago

It is a good point Dave thanks

but there is a problem about trying that, i dont know how to secure the filter. it seems that it would be secured in application's policy file.

I m using WSAD to develop applications when i add a filter (e.g myFilter) it adds also itself to URL Mappings of that filter as /myFilter, i added the /myFilterpattern to my secure resources but it is same as before. user seems unauthenticated again.

Mustafa VAR<br />Computer Engineer

Mustafa Var

Greenhorn

Posts: 8

posted 10 years ago

Ok It is solved.

Problem is that Dave said. Thank you Dave.

the filtered JSP pages have to be defined in secure resources. it didnt worked first time i added but it works now when i added them again.